Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-84884

The Tiny plugin "use" capabilities are defined in the wrong context level

XMLWordPrintable

    • MOODLE_500_STABLE
    • MOODLE_500_STABLE
    • Hide
      1. Log in as admin
      2. Create a new user
      3. Create a course
      4. Enrol user as Teacher in course
      5. On the participants page, navigate to course Permissions
      6. Prohibit the tiny/media:use capability from the Teacher role
      7. Log out
      8. Log in as test user
      9. Navigate to test course
      10. Press Settings
      11. Confirm within the Description editor element there are no toolbar buttons for inserting image/media
      12. Log out
      13. Log back in as admin
      14. Navigate to test course
      15. Press Announcements forum
      16. Press More > Permissions
      17. In the Filter box enter "tiny/"
      18. Confirm all tiny/<plugin>:use capabilities are present and can be configured for the activity
      Show
      Log in as admin Create a new user Create a course Enrol user as Teacher in course On the participants page, navigate to course Permissions Prohibit the tiny/media:use capability from the Teacher role Log out Log in as test user Navigate to test course Press Settings Confirm within the Description editor element there are no toolbar buttons for inserting image/media Log out Log back in as admin Navigate to test course Press Announcements forum Press More > Permissions In the Filter box enter "tiny/" Confirm all tiny/<plugin>:use capabilities are present and can be configured for the activity
    • Hide

      Fails against automated checks.

      Checked MDL-84884 using repository: https://github.com/paulholden/moodle.git

      Should these errors be fixed?

      Built on: Wed Mar 26 04:45:26 UTC 2025

      Show
      Fails against automated checks. Checked MDL-84884 using repository: https://github.com/paulholden/moodle.git main [branch: MDL-84884 | CI Job ] Error: The MDL-84884 branch at https://github.com/paulholden/moodle.git does not apply clean to origin/main Error: Merge conflict(s) in file(s): Error: lib/editor/tiny/plugins/media/version.php Should these errors be fixed? Built on: Wed Mar 26 04:45:26 UTC 2025
    • Hide

      Launching automatic jobs for branch MDL-84884

      Built on: Wed Mar 26 06:25:16 UTC 2025

      Show
      Launching automatic jobs for branch MDL-84884 https://ci.moodle.org/view/Testing/job/DEV.02%20-%20Developer-requested%20PHPUnit/18796/ PHPUnit (sqlsrv) https://ci.moodle.org/view/Testing/job/DEV.01%20-%20Developer-requested%20Behat/64385/ Behat (NonJS - boost and classic) https://ci.moodle.org/view/Testing/job/DEV.01%20-%20Developer-requested%20Behat/64386/ Behat (Firefox - boost) https://ci.moodle.org/view/Testing/job/DEV.01%20-%20Developer-requested%20Behat/64387/ Behat (Firefox - classic) https://ci.moodle.org/view/Testing/job/DEV.01%20-%20Developer-requested%20Behat/64388/ App tests (stable app version) Built on: Wed Mar 26 06:25:16 UTC 2025

      Follow up from MDL-84126

      All of the new capabilities (one example picked at random) define th contextlevel as CONTEXT_USER which means they can never be configured by role in the context of a course and/or activity. The Behat scenarios also currently do not assert real world behaviour, given it's currently impossible to configure these capabilities in course/activity contexts

      You can see the context which is used for the capability check here

      This means it's rather an "all or nothing" approach currently, and we are side stepping typical capability usage which allows for more fine grained control per context level - e.g. I want to prevent the capability by default at system level, but allow for a specific role in a specific course and/or activity. Or the inverse, I want to enable it for all users at system level (as now), but prohibit it for a specific role in a specific course and/or activity

      Basically, it seems we've implemented an artificial limitation in the way the capabilities are currently defined, that prevents the flexibility that we would typically expect within lower context levels

      For further discussion around this please see precedent set in MDL-46783

        1. MDL-84884.png
          MDL-84884.png
          263 kB

            pholden Paul Holden
            pholden Paul Holden
            Meirza Meirza
            Jun Pataleta Jun Pataleta
            Ron Carl Alfon Yu Ron Carl Alfon Yu
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved:

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 2 hours, 39 minutes
                2h 39m

                  Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.